Acceptable Use Policy

Last updated: May 5, 2026 · Version 1.0

This Acceptable Use Policy (the “AUP”) describes how the paid Zafronix API products may and may not be used. It’s incorporated by reference into the API Terms of Service. We can update the AUP without amending the API Terms; the current version always applies. Material changes are announced 30 days in advance by email.

Short version: build whatever you want, give us credit on the public-facing parts, don’t resell us, don’t abuse the system, don’t use us to break the law.

What you can do

  • Build commercial and non-commercial applications that consume the API.
  • Display Output to your end users in any form (web pages, mobile apps, dashboards, infographics, articles, research papers, podcasts, video).
  • Cache Output internally with reasonable TTLs to reduce request volume. We don’t publish a hard cache ceiling, but caching results indefinitely while still calling them “live” isn’t consistent with how the data is delivered.
  • Process Output as one input among many in machine-learning, statistical, or analytical models that produce something materially different from the original API surface.
  • Share Output excerpts on social media or in articles, with attribution.
  • Build internal tools at your company (commercial use is fine; per-seat licensing is not required).

Attribution

Any application or page that displays Output to end users must include a visible “Powered by Zafronix WC API” attribution with a link to zafronix.com. Acceptable placements include:

  • A footer link on the page or screen showing Output
  • An “About” or “Data sources” section that mentions us alongside other sources
  • The first paragraph or byline of an article that quotes our data
  • A credits screen in a mobile app

Backend-only use that doesn’t expose Output to end users (internal pipelines, batch analytics, ML training) does not require visible attribution.

Customers on a Plan that explicitly waives attribution in writing (currently the Enterprise tier, when designated) may omit it. Free trial usage requires attribution.

What you can't do

The following uses are prohibited and may result in suspension or termination:

Don't resell us

  • Don’t republish bulk Output as a downloadable dataset, a competing API, or a mirror site, with or without attribution.
  • Don’t sublicense your API key or share it across organizations. One key, one customer.
  • Don’t build a thin wrapper whose primary value is exposing our data through a different interface.
  • Don’t aggregate Output with intent to substitute for our API for downstream consumers.

Don't abuse the system

  • Don’t exceed your Plan’s rate limit by rotating IPs, multiple keys, or evasion techniques. If you need more headroom, upgrade your Plan or contact us.
  • Don’t use our endpoints to enumerate, scrape, or extract upstream data sources we depend on.
  • Don’t test our API surface for vulnerabilities without prior written authorization. Reports of security issues are welcome at security@zafronix.com; aggressive testing without authorization is not.
  • Don’t use the API in a way that causes outsized infrastructure load relative to your Plan (e.g., querying tens of millions of records per minute on a tier rated for hundreds).

Don't break the law (or help someone else break it)

  • Don’t use the API to facilitate illegal sports betting in jurisdictions where you or your end users aren’t licensed to operate.
  • Don’t use the API in connection with money laundering, fraud, sanctions evasion, or financing of designated terrorist organizations.
  • Don’t use the API to harass, defame, dox, or otherwise harm individuals.
  • Don’t use the API to generate or distribute content that infringes third-party intellectual property rights, except as permitted under fair use or equivalent doctrines.
  • Don’t use the API in any way prohibited by US, UK, EU, or applicable local law where Customer or its end users are located.

Don't misrepresent what we provide

  • Don’t imply that Zafronix endorses your application, partnership, or use of Output, unless we’ve agreed in writing.
  • Don’t represent Output as your own original data or as data sourced from someone other than Zafronix.
  • Don’t claim or imply Output is real-time or has higher accuracy than what’s documented for the relevant endpoint.

Rate limits

Each Plan has a published per-tier rate limit. Limits are documented at the wc-api product page and on the rate-limit response headers we return on every request. We may adjust default limits with notice; we won’t reduce a Customer’s purchased limit during a billing period.

Sustained traffic at the limit is fine. Bursts above the limit are throttled (429 responses); persistent attempts to exceed the limit despite throttling will trigger automated and then human review.

How we enforce

We respond to AUP issues proportionally:

  1. Automated friction. Rate-limit violations trigger 429 responses. Sustained automated abuse can trigger temporary IP-level throttling.
  2. Warning email. For first-time, non-urgent issues we email the billing address with what we observed and what we expect to change.
  3. Throttle. If the issue continues, we may reduce the API key’s effective rate limit until it’s resolved.
  4. Suspension. The API key stops authenticating. We notify the billing address with the reason and the path back.
  5. Termination. The account is closed and the API key is permanently revoked. For paid periods already collected, the Refund Policy applies.

For severe issues — security incidents, fraud, illegal use, abuse causing harm to other Customers — we may skip directly to suspension or termination without prior warning, and notify after.

Reporting violations

If you see a Zafronix API being used in violation of this policy — especially harmful, illegal, or abusive use — report it to abuse@zafronix.com. Include:

  • The URL, app name, or other identifier of where you observed the behavior
  • What you observed and when (timestamps with timezone help)
  • Any screenshots, logs, or other evidence
  • Your contact email if you’re open to follow-up

We respond to abuse reports within two business days. Reports may be confidential; we don’t share reporter identity with the reported party without consent.

Security disclosures

If you’ve found a security issue with the API or our infrastructure, please email security@zafronix.com rather than abuse@. Coordinated disclosure is appreciated; we don’t pay bug bounties at this time but we credit researchers who report responsibly. Don’t test for vulnerabilities against live customer data without prior written authorization.

Changes to this AUP

This AUP may be updated. Material changes are announced by email to active Customers at least 30 days before they take effect. The version number and last-updated date at the top of the page change with each update. Prior versions are archived; ask us if you need a copy.

Contact

Abuse: abuse@zafronix.com · Security: security@zafronix.com · General: support@zafronix.com · Contact form